A proposed approach to compound file fragment identification

Research output: A Conference proceeding or a Chapter in BookConference contributionpeer-review

5 Citations (Scopus)

Abstract

One of the biggest challenges in file fragment classification is the low classification rate of compound files known as high entropy files that contain different types of data, such as images and compressed text. It is seen that current methods for file fragment classification may not work for classifying these compound files. In this paper we propose a novel approach based on detecting deflate-encoded data in compound file fragments then decompress that data before applying a machine learning technique for classification. We apply our proposed method to classify Adobe portable document format (PDF) file type. Experiments showed high classification rate for the proposed method.
Original languageEnglish
Title of host publicationNetwork and System Security - 8th International Conference, NSS 2014, Proceedings
Subtitle of host publication8th International Conference, NSS 2014 Xi’an, China, October 15-17, 2014 Proceedings
EditorsMan Ho Au, Barbara Carminati, C.-C. Jay Kuo
Place of PublicationCham, Switzerland
PublisherSpringer
Pages493-500
Number of pages8
Volume8792
ISBN (Electronic)9783319116976
ISBN (Print)9783319116976
DOIs
Publication statusPublished - 2014
EventThe 8th International Conference on Network and System Security 2014 - Xian, Xian, China
Duration: 15 Oct 201417 Oct 2014

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8792

Conference

ConferenceThe 8th International Conference on Network and System Security 2014
Country/TerritoryChina
CityXian
Period15/10/1417/10/14

Fingerprint

Dive into the research topics of 'A proposed approach to compound file fragment identification'. Together they form a unique fingerprint.

Cite this